Don’t Let Your Security Take a Tumbl

31 May 2016 by Jenn Granger

I hope you’re feeling rested and ready to get back on it after the Bank Holiday because there’s some security stuff that you need to get on, pronto (sorry guys). 65m Tumblr emails and passwords have been circulating for the last three years and – even if you’re not a Tumblr user – here’s why you need to pay attention.

Tumblr hack

Earlier this month, popular blogging site Tumblr revealed that it had been breached back in 2013. At first the company refused to say how many users were affected by the breach – unsurprising, seeing as independent analysis found that it racked up about 65m stolen emails and passwords; to put it in perspective, that’s about the size of the entire UK population waltzing out of your database unnoticed.

Our old friend Troy Hunt at has the complete data set and – as we mentioned post-LinkedIn breach – you can use his site to check whether you have been ‘pwned’ (clue’s in the title) and to sign up for alerts that let you know when your info is nabbed.

Luckily Tumblr – to give credit where credit’s due – has made the passwords hard to crack through a process called salting and hashing, so when someone tried to sell the info it only brought in a pitiful 150 clams. Still, the info’s out there and that’s not great and, considering it’s been circulating for so long, Troy reckons about half the passwords could still be crackable.
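To show why salting and hashing matters, here's an added example (ours, not Tumblr's code) that stores the same password for two made-up accounts, first with a plain unsalted hash and then with a random per-account salt and a slow hash. PBKDF2, the iteration count and the sample accounts are assumptions for the demo; the post doesn't say which algorithm Tumblr used.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that happen to share one password.
USERS = {"alice@example.com": "sunshine1", "bob@example.com": "sunshine1"}

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash), drawing a fresh random salt for every account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def shared_values(table: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    values = list(table.values())
    return sum(1 for v in values if values.count(v) > 1)


def demo() -> dict:
    unsalted = {user: unsalted_digest(pw) for user, pw in USERS.items()}
    salted = {user: make_record(pw) for user, pw in USERS.items()}
    return {
        "unsalted_shared": shared_values(unsalted),  # identical digests leak reuse
        "salted_shared": shared_values(salted),      # each record is unique
    }


if __name__ == "__main__":
    print(demo())
```

Salting means every account has to be attacked separately, but it doesn't rescue a weak password, which is why a chunk of the dump can still be crackable.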

What’s really scary here is how long it took the company to figure out that it had been done in – you can get a degree in three years! To ensure that you’re aware of what’s going down in your system, monitoring is key. You can also check your system for potential holes with vulnerability scans and penetration testing – where ‘white hat’ hackers go in and see where your system is most vulnerable to attackers.

